SonarQube Remediation agent

The SonarQube Remediation agent will suggest fixes for issues found during your pull request analysis.

The SonarQube Remediation agent helps you fix reliability and maintainability issues found in your latest code. It focuses on new issues discovered in your latest GitHub pull request (PR). These issues, picked up by the agent, would otherwise break the new code conditions of your quality gate and block the merge of your PR.

The SonarQube agent is only triggered by a pull request analysis and does not engage with your branch analysis. See the Quality gate and metrics article to learn more about how the quality gate is computed during a PR analysis.

Requirements and limitations

The SonarQube Remediation agent, when enabled, runs in your PR on private projects in GitHub.

You must have either Automatic analysis enabled or be running a CI-based analysis on your GitHub repository.

The agent can suggest code fixes on your pull request for Maintainability, Reliability, and a select set of Security issues found in Java, JavaScript/TypeScript, and Python code; the agent can also suggest fixes for Secrets detected in your code.

Supported rules are listed per language for Java, JavaScript, Python, and TypeScript, and separately for Secrets.

Limits are placed on the agent’s activity to avoid noise in the comment history of your GitHub pull request. Currently, the limit is 50 issues; if more than 50 issues are introduced in your PR, the agent will not be triggered.

Subscription

The SonarQube Remediation agent is a Beta feature available with Enterprise plan accounts. It is free during the beta phase and will be a paid feature when it moves to General availability (GA).

If your SonarQube Cloud organization is not on an Enterprise plan, please see the Getting started with Enterprise pages to get the process started. To learn more about the terms & conditions for Beta, please see our legal page about features in Early Access.

Enable your agent

A SonarQube Cloud organization admin and an administrator for your GitHub account are needed to set up Sonar's AI agent for automated developer workflows:

  1. If you haven't already, follow the instructions about Activating automatic analysis or enabling a CI-based analysis on your project hosted in a GitHub repository.

  2. Navigate to Your SonarQube Cloud Organization > Administration > AI capabilities > AI agent.

  3. A GitHub administrator needs to install the SonarQube Agent GitHub app. Under Install app, select GitHub. The administrator will be prompted to install the app on the GitHub organization already linked to your SonarQube Cloud organization. If installed, the agent will be granted:

    • Read and write access to code and pull requests,

    • Read-only access to issues and metadata.

  4. Choose either All repositories or Only select repositories to control which repositories the AI agent can access. Once you've made your selection, select Install & Authorize to finish the setup. Please note that the installation may take a few seconds to complete.

  5. After all the steps are successfully finished, the Enable agent > Remediation agent option will be automatically selected in SonarQube Cloud, and you will be able to commit the agent’s suggestions directly from your PRs.

Manage agent access

The SonarQube Remediation agent only has access to the repositories you define. To change repository access, a GitHub administrator who is also a SonarCloud Administrator can navigate in SonarQube Cloud to Your Organization > Administration > AI capabilities > AI agent. Under Install app, select Manage Permissions, which takes you to your GitHub Apps page.

Alternatively, a GitHub administrator can navigate in GitHub to Your GitHub Organization > Settings > Third-party Access > GitHub Apps. Under Installed GitHub Apps > SonarQube Agent, select Configure.

  • In GitHub, under SonarQube Agent > Repository access, add or remove your repositories from the list. When finished, select Save to confirm your selection.
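Because the app is granted write access to code and pull requests (step 3 above), it is worth periodically verifying that an installation still has exactly the documented permission set and is scoped to the repositories you chose. The script below is an added example, not SonarSource's code: it audits the JSON that GitHub's REST API returns from GET /orgs/{org}/installations against the permissions listed in this page. The sample response is constructed for the example, and the app slug "sonarqube-agent" is an assumption, not a value from this page.

```python
"""Audit a GitHub App installation against the documented permission set.

Added example (not SonarSource's code). It checks the JSON that GitHub's
REST API returns from GET /orgs/{org}/installations against what the
SonarQube Remediation agent docs say the app is granted: read/write on
code (contents) and pull requests, read-only on issues and metadata.
The sample response below is constructed; the app slug "sonarqube-agent"
is an assumption, not a value from the docs.
"""
import json

# Expected permissions, as documented for the SonarQube Agent app.
# "contents", "pull_requests", "issues" and "metadata" are GitHub's own
# permission keys; mapping them to the docs' wording is ours.
EXPECTED_PERMISSIONS = {
    "contents": "write",       # read and write access to code
    "pull_requests": "write",  # read and write access to pull requests
    "issues": "read",          # read-only access to issues
    "metadata": "read",        # read-only access to metadata
}

LEVEL = {"read": 1, "write": 2, "admin": 3}

# Constructed sample of GET /orgs/{org}/installations output, trimmed to
# the fields the audit uses. The app slug is an assumption.
SAMPLE_INSTALLATIONS = json.loads("""
{
  "total_count": 2,
  "installations": [
    {
      "id": 1001,
      "app_slug": "sonarqube-agent",
      "repository_selection": "selected",
      "suspended_at": null,
      "permissions": {
        "contents": "write",
        "pull_requests": "write",
        "issues": "read",
        "metadata": "read"
      }
    },
    {
      "id": 1002,
      "app_slug": "some-other-app",
      "repository_selection": "all",
      "suspended_at": null,
      "permissions": {"contents": "write", "members": "read"}
    }
  ]
}
""")


def find_installation(payload, app_slug):
    """Return the installation dict for app_slug, or None if not installed."""
    for inst in payload.get("installations", []):
        if inst.get("app_slug") == app_slug:
            return inst
    return None


def audit_installation(inst, expected=EXPECTED_PERMISSIONS):
    """Compare one installation's permissions and scope with the expected set.

    Returns a list of finding strings; an empty list means the installation
    matches the documented least-privilege profile.
    """
    findings = []
    granted = inst.get("permissions", {})
    for perm, level in granted.items():
        want = expected.get(perm)
        if want is None:
            findings.append(f"unexpected permission {perm}:{level}")
        elif LEVEL.get(level, 0) > LEVEL[want]:
            findings.append(f"{perm} granted {level}, expected {want}")
    for perm, want in expected.items():
        if perm not in granted:
            findings.append(f"missing permission {perm}:{want}")
    if inst.get("repository_selection") == "all":
        findings.append("app installed on all repositories; "
                        "consider restricting it to selected repositories")
    if inst.get("suspended_at"):
        findings.append("installation is suspended; agent will not run")
    return findings


def audit_org(payload, app_slug="sonarqube-agent"):
    """Audit the named app in an organization's installation listing."""
    inst = find_installation(payload, app_slug)
    if inst is None:
        return [f"{app_slug} is not installed in this organization"]
    return audit_installation(inst)


if __name__ == "__main__":
    report = audit_org(SAMPLE_INSTALLATIONS)
    for line in report or ["OK: installation matches the documented permissions"]:
        print(line)
```

To run it against a real organization, replace SAMPLE_INSTALLATIONS with the parsed response of the installations endpoint (it requires an organization admin token) and pass the app's actual slug; any finding other than an empty list is a reason to revisit the Repository access settings described above.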

Disable or suspend agent access

It is possible to disable the SonarQube Remediation agent in SonarQube Cloud or in GitHub, if you prefer.

A SonarCloud Administrator can navigate to Your Organization > Administration > AI capabilities > AI agent > Enable agent and unselect Remediation agent. Once Save is selected, the agent will no longer be triggered in GitHub.

To suspend or uninstall SonarQube Agent completely, navigate in GitHub to Your GitHub Organization > Third-party Access > GitHub Apps > SonarQube Agent > Danger zone and select Suspend or Uninstall.

  • Suspend will block the agent’s access to your repositories. Choosing this option is the easiest way to restart the agent, when you're ready.

  • If you select and confirm Uninstall, the SonarQube Agent will be removed from all of your repositories and from your SonarQube Cloud Organization. The agent's activity will remain in your PR history, but if you want to use the agent again, you must go back to the start of the Enable your agent steps.

Agent behavior

The SonarQube Remediation agent's behavior is described on the Agents in your GitHub pull request page, alongside other topics about Managing code issues in SonarQube Cloud.
